Customer Data Security Policy
Personally Identifiable Information (PPI) is defined as information which can be used to distinguish or trace a HES customer’s identity or when combined with other personal or identifying information which is linked or linkable to a specific customer.
PII obtained through a customer’s contract or through the actual provision of service shall not be used by HES except for the purpose of providing such services to the customer, billing and collecting for the same.
HES shall not disseminate PII, in any manner and shall not release or disclose PII to any person or entity other than TVA, except as such release or disclosure approved by the customer or required by any applicable law. In the event of any such required release or disclosure by law, HES shall endeavor to first notify the customer with reasonable promptness unless such disclosure is prohibited by law.
Nothing in this standard prohibits the release or disclosure of PII to the Tennessee Valley Authority (TVA). To the extent that PII is disclosed, TVA will safeguard and maintain confidentiality in accordance with the provisions of this same standard.
Nothing in this standard prohibits HES or TVA from using, disseminating, releasing, or disclosing any data or information from which all PII has been released by customer.
Effective: December 27, 2011